Changeset 8245

Timestamp:

07/19/10 20:14:53 (3 years ago)

Author:

GeorgeClark

Message:

Item9318: Restore access checks for Func:: createWeb. This also
requires changes to tests that use Func::createWeb

Location:

trunk

Files:

• CommentPlugin/test/unit/CommentPlugin/CommentPluginTests.pm (modified) (1 diff)
• MailerContrib/test/unit/MailerContrib/MailerContribSuite.pm (modified) (1 diff)
• TWikiCompatibilityPlugin/test/unit/TWikiCompatibilityPlugin/TWikiFuncTests.pm (modified) (2 diffs)
• TwistyPlugin/test/unit/TwistyPlugin/TwistyPluginTests.pm (modified) (1 diff)
• UnitTestContrib/test/unit/FuncTests.pm (modified) (6 diffs)
• UnitTestContrib/test/unit/PrefsTests.pm (modified) (1 diff)
• UnitTestContrib/test/unit/StoreTests.pm (modified) (1 diff)
• core/lib/Foswiki/Func.pm (modified) (3 diffs)

trunk/CommentPlugin/test/unit/CommentPlugin/CommentPluginTests.pm

@@ -24 +24 @@
     $this->{target_web}   = "$this->{test_web}Target";
     $this->{target_topic} = "$this->{test_topic}Target";
-    Foswiki::Func::createWeb( $this->{target_web} );
+    my $webObject = Foswiki::Meta->new( $this->{session}, $this->{target_web} );
+    $webObject->populateNewWeb();
 }
 

trunk/MailerContrib/test/unit/MailerContrib/MailerContribSuite.pm

@@ -64 +64 @@
 
     # Will get torn down when the parent web dies
-    Foswiki::Func::createWeb($testWeb2);
+    my $webObject = Foswiki::Meta->new( $this->{session}, $testWeb2 );
+    $webObject->populateNewWeb();
 
     $this->registerUser( "tu1", "Test", "User1", "test1\@example.com" );

trunk/TWikiCompatibilityPlugin/test/unit/TWikiCompatibilityPlugin/TWikiFuncTests.pm

@@ -23 +23 @@
     $this->{tmpdatafile} = $TWiki::cfg{TempfileDir} . '/tmpity-tmp.gif';
     $this->{test_web2}   = $this->{test_web} . 'Extra';
-    $this->assert_null( Foswiki::Func::createWeb( $this->{test_web2} ) );
+    my $webObject = Foswiki::Meta->new( $this->{session}, $this->{test_web2} );
+    $webObject->populateNewWeb();
 }
 
@@ -35 +36 @@
 sub test_web {
     my $this = shift;
+
+    $this->{session}->finish();
+    $this->{session} = new Foswiki( $Foswiki::cfg{AdminUserLogin} );
 
     TWiki::Func::createWeb( $this->{test_web} . "/Blah" );

trunk/TwistyPlugin/test/unit/TwistyPlugin/TwistyPluginTests.pm

@@ -258 +258 @@
 
     my $testWebSubWebPath = $this->{test_web} . '/SubWeb';
-    Foswiki::Func::createWeb($testWebSubWebPath);
+    my $webObject = Foswiki::Meta->new( $this->{session}, $testWebSubWebPath );
+    $webObject->populateNewWeb();
     my $testTopic         = 'TwistyTestTopic';
     my $source            = <<SOURCE;

trunk/UnitTestContrib/test/unit/FuncTests.pm

@@ -53 +53 @@
     use Foswiki::AccessControlException;
     $Foswiki::cfg{EnableHierarchicalWebs} = 1;
+
+    $this->{session}->finish();
+    $this->{session} = new Foswiki( $Foswiki::cfg{AdminUserLogin} );
 
     try {
@@ -70 +73 @@
     $Foswiki::cfg{EnableHierarchicalWebs} = 1;
 
+    $this->{session}->finish();
+    $this->{session} = new Foswiki( $Foswiki::cfg{AdminUserLogin} );
+
     try {
         Foswiki::Func::createWeb($this->{test_web}."InvaliBase", "Invalidbase");
@@ -85 +91 @@
     $Foswiki::cfg{EnableHierarchicalWebs} = 0;
 
+    $this->{session}->finish();
+    $this->{session} = new Foswiki( $Foswiki::cfg{AdminUserLogin} );
+
     try {
         Foswiki::Func::createWeb($this->{test_web} . "/Subweb");
@@ -99 +108 @@
     $Foswiki::cfg{EnableHierarchicalWebs} = 1;
 
-    Foswiki::Func::createWeb( $this->{test_web} . 'Blah' );
-    Foswiki::Func::createWeb( $this->{test_web} . 'Blah/SubWeb' );
+    my $webObject = Foswiki::Meta->new( $this->{session}, $this->{test_web} . "Blah"  );
+    $webObject->populateNewWeb();
+    undef $webObject;
+    $webObject = Foswiki::Meta->new( $this->{session}, $this->{test_web} . "Blah/SubWeb"  );
+    $webObject->populateNewWeb();
+
     $this->assert( Foswiki::Func::webExists( $this->{test_web} . 'Blah' ) );
     $this->assert(
@@ -497 +510 @@
     my $web = $this->{test_web}."/SubWeb";
     #$web = Assert::TAINT($web);
-    Foswiki::Func::createWeb( $web );
+    #
+    my $webObject = Foswiki::Meta->new( $this->{session}, $web );
+    $webObject->populateNewWeb();
 
     my $stream;
@@ -636 +651 @@
     $Foswiki::cfg{EnableHierarchicalWebs} = 1;
 
-    Foswiki::Func::createWeb( $this->{test_web} . "/Blah" );
+    my $webObject = Foswiki::Meta->new( $this->{session}, $this->{test_web} . "/Blah"  );
+    $webObject->populateNewWeb();
 
     Foswiki::Func::saveTopicText( $this->{test_web}, $topic, 'blah' );

trunk/UnitTestContrib/test/unit/PrefsTests.pm

@@ -39 +39 @@
     $topicquery = new Unit::Request("");
     $topicquery->path_info("/$this->{test_web}/$this->{test_topic}");
+
+
     try {
-        Foswiki::Func::createWeb( $TWiki::cfg{SystemWebName}, $original );
+        my $webObject = Foswiki::Meta->new( $this->{session}, $TWiki::cfg{SystemWebName} );
+        $webObject->populateNewWeb($original);
         my $m =
           Foswiki::Meta->load( $this->{session}, $original,

trunk/UnitTestContrib/test/unit/StoreTests.pm

@@ -39 +39 @@
     $this->SUPER::set_up();
 
-    Foswiki::Func::createWeb($web);
-
-    #    $this->{session} = new Foswiki($this->{test_user_login});
+    my $testWebObj = Foswiki::Meta->new( $this->{session}, $web );
+    $testWebObj->populateNewWeb();
+
+    #  Store doesn't do access checks anyway, so run as admin
+    #  so that Func:: works
+    $this->{session}->finish();
+    $this->{session} = new Foswiki( $Foswiki::cfg{AdminUserLogin} );
 
     open( FILE, ">$Foswiki::cfg{TempfileDir}/testfile.gif" );

trunk/core/lib/Foswiki/Func.pm

@@ -1216 +1216 @@
         ($baseweb) = _validateWTA($baseweb);
     }
-
-    ASSERT($Foswiki::Plugins::SESSION) if DEBUG;
-    # SMELL: check access permissions
+    ASSERT($Foswiki::Plugins::SESSION) if DEBUG;
+
+    my $rootObject = Foswiki::Meta->new( $Foswiki::Plugins::SESSION );
+    unless ( $rootObject->haveAccess('CHANGE') ) {
+        throw Foswiki::AccessControlException( 'CHANGE',
+            $Foswiki::Plugins::SESSION->{user},
+            $web, '', $Foswiki::Meta::reason );
+    }
+
+    my $baseObject = Foswiki::Meta->new( $Foswiki::Plugins::SESSION, $baseweb );
+    unless ( $baseObject->haveAccess('CHANGE') ) {
+        throw Foswiki::AccessControlException( 'VIEW',
+            $Foswiki::Plugins::SESSION->{user},
+            $web, '', $Foswiki::Meta::reason );
+    }
+
     my $webObject = Foswiki::Meta->new( $Foswiki::Plugins::SESSION, $web );
     $webObject->populateNewWeb($baseweb);
@@ -1928 +1941 @@
         }
 
-        # SMELL: check access permissions
         $from->moveAttachment( $attachment, $to, @opts );
     }
@@ -2010 +2022 @@
         }
 
-        # SMELL: check access permissions
         $from->copyAttachment( $attachment, $to, @opts );
     }